bitly

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to run Membrane actions (e.g., "get-bitlink", "expand-bitlink") and use "membrane request" to fetch Bitly data — which includes user-provided link metadata and expanded long URLs from a public third-party service — that the agent is expected to read and that could materially influence subsequent actions.